Threat from automated web application attacks on the rise

By Stuart Sumner
27 Jan 2012

Web applications suffered nearly 38,000 cyber attacks per hour at their peak in the period between June and November last year.

By comparison, applications experienced about 25,000 attacks per hour in the period from November 2010 to May 2011.

According to a new report from security firm Imperva, hackers are commonly relying on business logic attacks because they are hard to detect and therefore often successful.

In a business logic attack, a hacker abuses the legitimate business logic of an interactive website or application. This could range from simply guessing or 'brute forcing' a password to using a 'contact us' feature to drown the server in spam.

The attack can also be used to gather sensitive information.

"Business logic attacks are attractive for hackers since they follow a legitimate flow of interaction of a user with the application," said Amichai Shulman, Imperva's CTO.

"This interaction is guided by an understanding of how specific sequences of operations affect the application's functionality. Therefore, the abuser can lead the application to reveal private information for harvesting, skew information shared with other users and much more – often bypassing security controls."

Imperva found that hackers exploit five common application vulnerabilities: Remote File Inclusion (RFI), SQL Injection (SQLi), Local File Inclusion (LFI), Cross Site Scripting (XSS) and Directory Traversal (DT).

Automatic tools are increasingly being used to perpetrate these attacks as they enable an attacker to target more applications and exploit more vulnerabilities than any manual method possibly could.

Many of these attacks can be prevented with proper website design and security scanning software that analyses requests made through web-facing applications and services.
